Friday, September 01, 2006

CA eTrust Antivirus Pulls a Boner

Via the SANS ISC Daily Handler's Diary.

Reader Alan writes in to tell us that apparently "an overnight signature update to the VET engine (30.3.3054) on CA eTrust Antivirus has begun to flag the LSASS.EXE service of Windows 2003 server as being infected with Win32/Lassrv.B."

"Some Win2k3 servers have been failing and unable to re-boot, since the service (exe) was removed by the virus software.

CA has released an update to VET (30.3.3056) that seems to have corrected the problem, but in some cases the damage has already been done."

It seems that CA accidentally flagged Lsass.exe as a bad file. Reminiscent of the McAfee .xls debacle of not too long ago.


1 Comments:

At Sun Sep 03, 09:44:00 AM PDT, Anonymous said...

I had this problem with a client's server on 01/09. Server boots to login screen and then shows "lsass.exe terminated unexpectedly windows will shut down in 60 seconds", almost as if the server was infected with Blaster or Sasser.

As a cert. partner I called Microsoft and they knew immediately what the problem was and reported they have been dealing with hundreds of calls regarding this issue. They pointed me to the engine update which I installed and all was working again.

Nice one CA!

 
